REMARKS

The Examiner has provisionally rejected Claims 1, 2, 9, 21, and 27-30 on the 
ground of nonstatutory obviousness-type double patenting as being unpatentable over 
claims 1, 2, 9, 39, and 40 of copending Application No. 10/113,875 in view of Khaishgi et
al. (US 6,658,394 B1). Applicant respectfully asserts that such rejection is overcome in
view of the filing of the terminal disclaimer submitted herewith. 

The Examiner has rejected Claims 1, 2, 9, 21, 22, and 27-30 under 35 U.S.C.
103(a) as being unpatentable over Khaishgi, in view of Bates et al. (U.S. Patent No. 
6,721,721), and further in view of Bunker, V et al. (U.S. Patent Publication No. 
2003/0028803). Applicant respectfully disagrees with such rejection, especially in view 
of the amendments made hereinabove to the independent claims. Specifically, applicant 
has amended the independent claims to at least substantially include the subject matter of 
former dependent Claim 22. 

With respect to the subject matter of former Claim 22 (now at least substantially 
incorporated into the independent claims), the Examiner has relied on Figure 2, Numeral 
8 and 4 from the Khaishgi reference to make a prior art showing of applicant's claimed 
technique "wherein at least one of the first and second verification operations includes 
scanning the on-line service from a remote address on the network." Specifically, the
Examiner has argued that "[v]erification of [m]erchant 4 is done from the Certification
Server which includes Theft Detection Modules 28, [and] Certification Service 8 can be
seen remotely located from [m]erchant 4."

Applicant respectfully disagrees and asserts that with respect to the figure and 
numerals relied on by the Examiner, Khaishgi discloses that "[s]eal issuer 8 verifies the 
credentials, policies or business practices of each Merchant 4 and issues a corresponding 
seal of certification to each merchant 4 upon verification" (Col. 2, lines 44-46). 
Additionally, Khaishgi discloses that "seal issuer might, for example, verify that 
merchant 4 is a legitimate business merchant that complies with, or agrees to conform to,
certain standards," that "seal issuer 8 issues an electronic seal to merchants 4 that agree to
participate in the web-based problem solving service," that "seal issuer 8 can... verif[y]
merchants 4 compliance with privacy or security requirements," and that "seal issuer 8
may perform a nominal amount of certification before issuing the seal such as verifying
the contact information" (Col. 2, lines 48-62 - emphasis added). Further, Khaishgi
discloses that "[t]heft detection modules 28 analyze request log 24 in order to detect any
misuse or theft of an electronic seal" and "also use spidering technology to search
network 12 for all occurrences of issued seals" (Col. 4, lines 8-23 - emphasis added).

However, merely verifying the credentials, policies, or business practices of a
merchant, including verifying compliance with standards and privacy or security
requirements, and verifying the contact information of the merchant, in addition to
analyzing a request log and searching a network for issued seals, as in Khaishgi, fails to
disclose a technique "wherein at least one of the first and second verification operations 
includes scanning the on-line service from a remote address on the network" (emphasis 
added), as claimed by applicant. 

In addition, applicant has further amended the independent claims to distinguish 
applicant's claim language from the Khaishgi reference, as follows: 

"wherein the scanning produces a set of XML files including information about 
open ports, available service, network protocols, security exposures and vulnerabilities 
associated with a device providing the online service" and 

"wherein a scan header record associated with the scanning is stored in a 
database, the scan header record including a date, launch time, duration and a number of 
vulnerabilities classified by severity level." 

Applicant respectfully asserts that merely verifying the credentials, policies, or
business practices of a merchant, including verifying compliance with standards and
privacy or security requirements, and verifying the contact information of the merchant,
in addition to analyzing a request log and searching a network for issued seals, as in
Khaishgi, fails to disclose a technique "wherein the scanning produces a set of XML
files including information about open ports, available service, network protocols,
security exposures and vulnerabilities associated with a device providing the online
service" (emphasis added), as claimed by applicant. Nowhere in Khaishgi does "the
scanning produces a set of XML files" (emphasis added), as claimed.

Additionally, merely verifying the credentials, policies, or business practices of a
merchant, including verifying compliance with standards and privacy or security
requirements, and verifying the contact information of the merchant, in addition to
analyzing a request log and searching a network for issued seals, as in Khaishgi, fails to
disclose a technique "wherein a scan header record associated with the scanning is stored 
in a database, the scan header record including a date, launch time, duration and a number 
of vulnerabilities classified by severity level" (emphasis added), as claimed by applicant. 
Nowhere in Khaishgi is "a scan header record associated with the scanning . . . stored in a 
database" (emphasis added), in the context claimed by applicant. 

To establish a prima facie case of obviousness, three basic criteria must be met: 
First, there must be some suggestion or motivation, either in the references themselves or 
in the knowledge generally available to one of ordinary skill in the art, to modify the 
reference or to combine reference teachings. Second, there must be a reasonable 
expectation of success. Finally, the prior art reference (or references when combined) 
must teach or suggest all the claim limitations. The teaching or suggestion to make the 
claimed combination and the reasonable expectation of success must both be found in the 
prior art and not based on applicant's disclosure. In re Vaeck, 947 F.2d 488, 20 USPQ2d
1438 (Fed. Cir. 1991).

Applicant respectfully asserts that at least the third element of the prima facie 
case of obviousness has not been met, since the prior art excerpts, as relied upon by the 
Examiner, fail to teach or suggest all of the claim limitations, as noted above.



Still yet, applicant brings to the Examiner's attention the subject matter of new 
Claims 34-45 hereinabove, which are added for full consideration. 

Again, a notice of allowance or a proper prior art showing of all of applicant's 
claim limitations, in combination with the remaining claim elements, is respectfully 
requested. 

To this end, all of the independent claims are deemed allowable. Moreover, the 
remaining dependent claims are further deemed allowable, in view of their dependence 
on such independent claims. 

In the event a telephone conversation would expedite the prosecution of this 
application, the Examiner may reach the undersigned at (408) 505-5100. The 
Commissioner is authorized to charge any additional fees or credit any overpayment to 
Deposit Account No. 50-1351 (Order No. NAI1P647).

Respectfully submitted, 
Zilka-Kotab, PC 